mkettler at ...4108...
Sun Jul 18 19:28:02 EDT 2004
At 04:27 PM 7/18/2004, Muhammad Novansarosa wrote:
>can i block MAC @ with guardian ?
>i had modified it, but still cannot block it
By MAC address??? I'd be very surprised.
Snort isn't particularly mac-address oriented.
Depending what kernel level firewall you're having guardian configure you
might be able to do it there directly, but I'd be surprised if either snort
or guardian could trigger an event based only on the source MAC of a packet.
I'm pretty sure linux 2.4x's netfilter is capable of this if you've
compiled your kernel with the "MAC Address match support" option.
It seems out-of-place to use an IDS to do something trivial like block a
MAC or IP address. Firewall scripts do that kind of thing on their own
More information about the Snort-users